Built for regulated markets
Etuity Core is designed to meet the security and compliance standards that financial entities and their regulators expect.
Standards & Assurance
Independently verified
Our security controls are assessed by independent auditors and designed to support the compliance obligations of financial entities.
ISO 27001:2022
Our information security management system covers all processes, people, and technology supporting Etuity Core.
EU data protection
All customer data is stored within the EU/EEA in Microsoft Azure. We handle your data only on your instructions and for the purpose of delivering our services.
External assurance
Annual third-party penetration testing, continuous automated vulnerability scanning, and regular independent security assessments.
Security Architecture
Defence in depth
Etuity Core is hosted in Microsoft Azure with multiple layers of security controls, from infrastructure to application.
EU-only residency
All customer data is processed and stored within the EU/EEA in Microsoft Azure.
Encryption at every level
Data is protected with TLS 1.2 or higher encryption while in transit and AES‑256 encryption while at rest.
Identity and access
Our identity platform is based on Duende IdentityServer, leveraging OpenID Connect and OAuth 2.0 standards. Authentication is performed via federated identity providers such as Microsoft Entra ID and Auth0.
Continuous monitoring
Automated vulnerability scanning runs continuously. Threats are detected, classified, and remediated based on severity and impact.
Incident readiness
Preparedness is at the core of how we approach incident management. Our teams are trained to respond quickly and effectively if an incident occurs, and we work closely with affected customers throughout.
Tested resilience
Business continuity and disaster recovery plans are documented and tested.
Tenant isolation
Robust data separation is built into the core design to guarantee complete segregation for every customer from the ground up.
Provable accountability
Every action is tied to a unique, traceable identity, backed by comprehensive audit logging and continuous monitoring for security oversight.
DORA readiness
Ready for your regulatory requirements
As a provider supporting critical business functions, we understand what DORA requires our customers to ask of us. We’re structured to deliver.
Customer compliance pack
A comprehensive documentation pack covering security, governance, data processing, sub-processors, and all information needed for due diligence and your register of information.
Audit and inspection
We support the audit requirements of customers, including on-site inspections. Pooled audit and testing options available.
Incident cooperation
Our notification timelines are designed to enable you to meet your own regulatory reporting deadlines. We provide root cause analysis and ongoing cooperation.
Supply chain transparency
Full visibility into our sub-processor chain. Advance notification of changes with the opportunity to review and raise objections.
Data portability
Your data is never locked into proprietary formats. Export capabilities and full documentation of your data structure ensure you retain control.
Full transparency
Clear visibility into where your data is processed, who has access, and which sub-processors are involved.
You own the relationship
We act as a data processor. You remain as the controller. Your data is never used for any purpose beyond delivering the services you have contracted.
An organisation built around protecting your data
At Instech Solutions, the company behind Etuity Core, information security isn’t the responsibility of a single team; it’s part of how everyone works. From the boardroom agenda down to every single line of code, everyone is responsible for delivering a product you can trust. This isn’t just a policy; it’s who we are.
Data ownership
Your data is exactly that - yours.
Customer data remains your property at all times. We process it solely on your behalf, under your instruction, and for no other purpose.
Frequently asked questions
Where is customer data stored?
All customer data is processed and stored within the EU/EEA on Microsoft Azure. All support and operational access originates from our Bergen office. No customer data is processed outside the EU/EEA.
Who owns the data in Etuity Core?
You do. Customer data remains your property at all times. We process it solely on your behalf and under your instruction. Your data is never used for any other purpose. You may access, export, and import your data at any time via our APIs or through standard data export formats.
How does Instech Solutions support DORA compliance?
We provide a comprehensive customer compliance pack covering security, governance, data processing, and all information needed for your DORA due diligence and register of information. Our contractual framework is designed to address DORA requirements, and we support audit rights, incident cooperation, and testing participation.
Can we audit Instech Solutions?
Yes. We support customer audit and inspection rights, including on-site visits at our Bergen office. We also offer coordinated audit exercises where multiple customers participate together, and we cooperate fully with regulatory inspections.
Does Instech Solutions use subcontractors?
We maintain a list of all third parties involved in delivering our services, available to customers on request. Changes are communicated with advance notice, and customers have the opportunity to raise objections. All third parties are required to meet our security standards.